Description
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.6. An app may be able to break out of its sandbox.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Exploitability: 2.0 | Impact: 6.0
Attack Vector: Local
Complexity: Low
Privileges: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: Low
Affected Packages: 2 packages
🔴 Vulnerability Details (2)
CVEList: CVE-2025-43257: This issue was addressed with improved handling of symlinks (2026-04-02)
GHSA: GHSA-56pf-93rp-5vq3: This issue was addressed with improved handling of symlinks (2026-04-02)
📋 Vendor Advisories (1)
Apple: CVE-2025-43257: macOS Sequoia 15.6 (2025-07-29)
🕵️ Threat Intelligence (1)
Wiz: CVE-2025-43257 Impact, Exploitability, and Mitigation Steps | Wiz